
Backup tool is cause for concern...
By Joris Evers
Published: 1 July 2005 09:05 BST
A security flaw in a Veritas Software backup tool is being exploited to attack corporate systems, the US watchdog for internet threats has warned.
Malicious code to exploit a vulnerability in Veritas Software's Backup Exec Remote Agent for Windows is publicly available, the US Computer Emergency Readiness Team (US-Cert) said in an alert on Thursday. The organisation has received reports of attacks and has seen an increase in scanning activity on TCP Port 10000, an indication that hackers are looking for vulnerable systems.
The buffer overflow flaw in the Veritas software could allow an intruder to gain control of a vulnerable system. The tool is used to trigger backup of data on Microsoft Windows servers, to protect the data from computer crashes, storage system catastrophes and other risks. It listens for commands addressed to TCP Port 10000 and accepts links to the backup server before the backup. However, it fails to properly validate incoming packets, Veritas said in an advisory last week.
The Backup Exec Remote Agent bug is one of several flaws in Backup Exec products that Veritas provided fixes for last week. The problem was discovered by security company iDefense, the storage company said.
The company and US-Cert are urging companies to apply the patches. For protection, they could also use a firewall to filter traffic on Port 10000 to accept only commands from backup servers, US-Cert said.
A Veritas representative said the company is not aware of any attacks on customer systems.
Veritas is in the process of merging with security specialist Symantec.
Joris Evers writes for CNET News.com
VERITAS Backup Exec 10 for Windows Servers: Agent for Microsoft Exchange Server
VERITAS Backup Exec for Windows Servers: Management Pack for Microsoft Operations Manager Guide
AOK Decide in Favour of VERITAS Backup Exec by VERITAS Software
Managing Distributed Backup Servers: VERITAS Backup Exec 9.1 for Windows Servers
Previous experience of backup administration and exposure to backup software, such as Veritas Netbackup, Backup Exec, Legato Networker, HP Omniback, ...
Veritas Backup Exec, Double-Take & NT Backup. You will be providing daily maintenance, configuration & installation along with remote administration ...
The successful candidate will support Windows Server 2003, Backup Exec, Exchange, Firewall, VPN, Antivirus/Antispam, Active Directory & Group Policy. ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...